package com.microsoft.ngc.aad;

import android.content.Context;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import com.microsoft.authenticator.core.common.Assertion;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.core.telemetry.ITelemetryManager;
import com.microsoft.identity.common.internal.broker.JoinedAccountRequest;
import com.microsoft.identity.common.internal.dto.AccessTokenRecord;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftIdToken;
import com.microsoft.ngc.aad.metadata.CloudEnvironment;
import com.microsoft.ngc.aad.protocol.RequestFactory;
import com.microsoft.ngc.aad.protocol.exception.AadServiceException;
import com.microsoft.ngc.aad.protocol.exception.MissingMetadataException;
import com.microsoft.ngc.aad.protocol.exception.NgcKeyNotFoundException;
import com.microsoft.ngc.aad.protocol.request.AbstractRequest;
import com.microsoft.ngc.aad.protocol.request.evo.ApproveSessionRequest;
import com.microsoft.ngc.aad.protocol.response.AadNgcPushNotificationRegistrationResponse;
import com.microsoft.ngc.aad.protocol.response.AbstractResponse;
import com.microsoft.ngc.aad.protocol.response.drs.NgcDeletionResponse;
import com.microsoft.ngc.aad.protocol.response.drs.NgcRegistrationResponse;
import com.microsoft.ngc.aad.protocol.response.evo.GetNonceResponse;
import com.microsoft.ngc.aad.protocol.response.evo.ListSessionsResponse;
import com.microsoft.ngc.aad.telemetry.AadRemoteNgcTelemetry;
import com.microsoft.ngc.provider.cryptography.NgcCredentialManager;
import com.microsoft.ngc.provider.exceptions.NgcCredentialException;
import com.microsoft.ngc.provider.exceptions.UnrecoverableNgcCredentialException;
import java.security.InvalidKeyException;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
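/**
 * Client-side entry point for the AAD "NGC" remote sign-in flows visible in this class:
 * registering and deleting a device-held key, listing pending sessions, and approving or
 * denying a session. Approval is authorised by a short-lived JWT that is signed with the
 * key {@link NgcCredentialManager} holds for the account's UPN.
 *
 * <p>Parameter names ({@code str}, {@code str2}, ...) are decompiler output; each method's
 * Javadoc states what the code shows about them and marks the rest as assumptions.
 */
public class RemoteAuthenticationManager {
    /**
     * Base64 flags for every JWT segment: URL-safe alphabet, no line wrapping, no '='
     * padding (numerically 11), which is the base64url form a compact JWT uses.
     */
    private static final int JWT_BASE64_FLAGS = Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING;

    /** Lifetime of a signed assertion in seconds: {@code exp = iat + 300}. */
    private static final int JWT_VALIDITY_INTERVAL_IN_SECONDS = 300;

    private final Context _applicationContext;
    private final CloudEnvironment _environment;
    private final AadRemoteNgcTelemetry _telemetry;

    /**
     * Creates a manager whose telemetry wrapper is built from the given telemetry manager.
     *
     * @param context application context; must not be null
     * @param cloudEnvironment environment handed to every {@link RequestFactory}
     * @param iTelemetryManager sink wrapped in a new {@link AadRemoteNgcTelemetry}
     */
    public RemoteAuthenticationManager(Context context, CloudEnvironment cloudEnvironment, ITelemetryManager iTelemetryManager) {
        this(context, cloudEnvironment, new AadRemoteNgcTelemetry(iTelemetryManager));
    }

    /**
     * Creates a manager with an explicit telemetry wrapper.
     *
     * <p>Only {@code context} is checked for null here; the environment and telemetry
     * arguments are stored as given.
     *
     * @param context application context; must not be null
     * @param cloudEnvironment environment handed to every {@link RequestFactory}
     * @param aadRemoteNgcTelemetry telemetry used to bracket each request
     */
    public RemoteAuthenticationManager(Context context, CloudEnvironment cloudEnvironment, AadRemoteNgcTelemetry aadRemoteNgcTelemetry) {
        Assertion.assertObjectNotNull(context, "applicationContext is null");
        this._applicationContext = context;
        this._environment = cloudEnvironment;
        this._telemetry = aadRemoteNgcTelemetry;
    }

    /** Encodes one JWT segment with the class-wide base64url flags. */
    private static String base64Url(byte[] data) {
        return Base64.encodeToString(data, JWT_BASE64_FLAGS);
    }

    /**
     * Builds and signs the compact JWT ({@code header.payload.signature}) that authorises a
     * session approval.
     *
     * <p>The header declares RS256 and carries the key id; the payload carries issue and
     * expiry times, the UPN as issuer, the server-issued nonce and the device id.
     *
     * @param upn account UPN; used as the issuer claim and as the key alias for signing
     * @param keyId value written to the key-id header field
     * @param nonce server-issued nonce written to {@code request_nonce}
     * @param deviceId value written to {@code deviceid}
     * @return the signed assertion
     * @throws UnrecoverableNgcCredentialException (a {@link NgcCredentialException} per the
     *     throws clause) if no key exists for the UPN or the key was permanently invalidated
     * @throws UserNotAuthenticatedException propagated unchanged from signing
     * @throws NgcCredentialException for any other {@link InvalidKeyException} from signing
     * @throws AadServiceException if the JSON header or payload cannot be built
     */
    private String constructNgcAssertion(String upn, String keyId, String nonce, String deviceId) throws NgcCredentialException, AadServiceException, UserNotAuthenticatedException {
        try {
            JSONObject header = new JSONObject();
            header.put("typ", "JWT");
            header.put("alg", JoinedAccountRequest.ALG_VALUE_RS256);
            header.put(AccessTokenRecord.SerializedNames.KID, keyId);
            header.put("use", NgcSession.SESSION_TYPE_NGC);

            JSONObject payload = new JSONObject();
            // Times are taken from the device clock, in whole seconds since the epoch.
            long issuedAtSeconds = System.currentTimeMillis() / 1000;
            payload.put(MicrosoftIdToken.ISSUED_AT, issuedAtSeconds);
            payload.put("exp", JWT_VALIDITY_INTERVAL_IN_SECONDS + issuedAtSeconds);
            payload.put(MicrosoftIdToken.ISSUER, upn);
            // NOTE(review): the audience claim is an empty string, so this claim does not bind
            // the assertion to a recipient; the nonce and the short expiry are the only
            // freshness inputs visible here. Confirm against the service contract.
            payload.put(MicrosoftIdToken.AUDIENCE, "");
            payload.put("scope", "openid aza");
            payload.put("request_nonce", nonce);
            payload.put("deviceid", deviceId);

            // The signature covers exactly these bytes: base64url(header) + "." + base64url(payload).
            String signingInput = String.format(Locale.US, "%s.%s", base64Url(header.toString().getBytes(Strings.Utf8Charset)), base64Url(payload.toString().getBytes(Strings.Utf8Charset)));
            try {
                NgcCredentialManager credentialManager = new NgcCredentialManager(this._applicationContext);
                if (credentialManager.containsKey(upn)) {
                    byte[] signature = credentialManager.sign(signingInput.getBytes(Strings.Utf8Charset), upn);
                    return String.format(Locale.US, "%s.%s", signingInput, base64Url(signature));
                }
                // NOTE(review): this writes the UPN, an account identifier, to the error log.
                // Confirm the logger scrubs it or log a redacted form.
                BaseLogger.e("Credential manager doesn't contain key for upn: " + upn);
                throw new UnrecoverableNgcCredentialException("Key is not present in storage");
            } catch (KeyPermanentlyInvalidatedException e) {
                throw new UnrecoverableNgcCredentialException(e);
            } catch (UserNotAuthenticatedException e) {
                // Both keystore exceptions above are InvalidKeyException subclasses, so they
                // must be matched before the generic handler. This one is rethrown as-is so the
                // caller sees it as its own type rather than as a wrapped credential error.
                throw e;
            } catch (InvalidKeyException e) {
                throw new NgcCredentialException(e);
            }
        } catch (JSONException e) {
            BaseLogger.e("Error constructing NGC assertion.", e);
            throw new AadServiceException(e);
        }
    }

    /**
     * Sends a request with telemetry start/end markers around it.
     *
     * <p>The end marker is logged in {@code finally}, so it is recorded for failures too.
     *
     * @param abstractRequest request to send
     * @param aadNgcRequest telemetry label for this request type
     * @return the response from {@code abstractRequest.send()}
     * @throws AadServiceException if sending fails
     */
    private AbstractResponse sendRequest(AbstractRequest abstractRequest, AadRemoteNgcTelemetry.AadNgcRequest aadNgcRequest) throws AadServiceException {
        this._telemetry.logRequestStart(aadNgcRequest);
        try {
            return abstractRequest.send();
        } finally {
            this._telemetry.logRequestEnd(aadNgcRequest);
        }
    }

    /**
     * Approves a pending session: fetches a fresh nonce, signs an assertion over it and
     * submits the approval.
     *
     * @param str account UPN (request-factory scope, assertion issuer and signing-key alias)
     * @param str2 forwarded to {@code createApproveSessionRequest}; presumably the access
     *     token (confirm against {@link RequestFactory})
     * @param str3 key id placed in the assertion header
     * @param ngcSession session being approved; its telemetry receives the correlation id
     * @param str4 forwarded to {@code createApproveSessionRequest}; meaning not visible here
     * @param str5 device id placed in the assertion payload
     * @throws NgcCredentialException if the assertion cannot be signed
     * @throws AadServiceException if either request fails
     * @throws UserNotAuthenticatedException propagated from signing
     * @throws MissingMetadataException declared by the request factory calls
     */
    public void approveNgcSession(String str, String str2, String str3, NgcSession ngcSession, String str4, String str5) throws NgcCredentialException, AadServiceException, UserNotAuthenticatedException, MissingMetadataException {
        RequestFactory requestFactory = new RequestFactory(this._applicationContext, this._environment, str);

        // Step 1: obtain the nonce that is embedded in the signed assertion.
        GetNonceResponse nonceResponse = (GetNonceResponse) sendRequest(requestFactory.createGetNonceRequest(), AadRemoteNgcTelemetry.AadNgcRequest.GET_NONCE);

        // Step 2: sign the assertion over that nonce with the key held for this UPN.
        String assertion = constructNgcAssertion(str, str3, nonceResponse.getNonce(), str5);

        // Step 3: submit the approval, recording the request id for telemetry correlation first.
        ApproveSessionRequest approveRequest = requestFactory.createApproveSessionRequest(assertion, str2, ngcSession.getSessionId(), NgcSession.SESSION_TYPE_NGC, str4);
        ngcSession.getTelemetry().setCorrelationId(approveRequest.getClientRequestId());
        sendRequest(approveRequest, AadRemoteNgcTelemetry.AadNgcRequest.APPROVE_SESSION);
    }

    /**
     * Deletes the registered key on the service.
     *
     * <p>A {@link NgcKeyNotFoundException} is treated as success and the requested key id
     * is returned.
     *
     * @param str account UPN; must be non-empty
     * @param str2 access token; must be non-empty
     * @param str3 id of the key to delete; must be non-empty
     * @return the key id reported by the service, or {@code str3} if the key was not found
     * @throws AadServiceException if the request fails for any other reason
     * @throws MissingMetadataException declared by the request factory call
     */
    public String deleteNgc(String str, String str2, String str3) throws AadServiceException, MissingMetadataException {
        Assertion.assertStringNotNullOrEmpty(str, "upn");
        Assertion.assertStringNotNullOrEmpty(str2, "accessToken");
        Assertion.assertStringNotNullOrEmpty(str3, "ngcKeyId");
        try {
            RequestFactory requestFactory = new RequestFactory(this._applicationContext, this._environment, str);
            NgcDeletionResponse deletionResponse = (NgcDeletionResponse) sendRequest(requestFactory.createNgcDeletionRequest(str2, str3), AadRemoteNgcTelemetry.AadNgcRequest.NGC_DELETION);
            return deletionResponse.getKeyId();
        } catch (NgcKeyNotFoundException unused) {
            return str3;
        }
    }

    /**
     * Denies a pending session.
     *
     * <p>No signed assertion is built on this path, unlike approval.
     *
     * @param str account UPN used to scope the request factory
     * @param str2 forwarded to {@code createDenySessionRequest}; presumably the access token
     *     (confirm against {@link RequestFactory})
     * @param ngcSession session being denied; its telemetry receives the correlation id
     * @param str3 forwarded to {@code createDenySessionRequest}; meaning not visible here
     * @throws AadServiceException if the request fails
     * @throws MissingMetadataException declared by the request factory call
     */
    public void denyNgcSession(String str, String str2, NgcSession ngcSession, String str3) throws AadServiceException, MissingMetadataException {
        RequestFactory requestFactory = new RequestFactory(this._applicationContext, this._environment, str);
        ApproveSessionRequest denyRequest = requestFactory.createDenySessionRequest(str2, ngcSession.getSessionId(), str3);
        ngcSession.getTelemetry().setCorrelationId(denyRequest.getClientRequestId());
        sendRequest(denyRequest, AadRemoteNgcTelemetry.AadNgcRequest.DENY_SESSION);
    }

    /** Returns the telemetry wrapper this manager logs requests to. */
    public AadRemoteNgcTelemetry getTelemetry() {
        return this._telemetry;
    }

    /**
     * Fetches the sessions reported for the account.
     *
     * @param str account UPN; must be non-empty
     * @param str2 access token; must be non-empty
     * @param iTelemetryManager forwarded to {@code createListSessionsRequest}
     * @return the sessions from the service response
     * @throws AadServiceException if the request fails
     * @throws MissingMetadataException declared by the request factory call
     */
    public List<NgcSession> listSessions(String str, String str2, ITelemetryManager iTelemetryManager) throws AadServiceException, MissingMetadataException {
        Assertion.assertStringNotNullOrEmpty(str, "upn");
        Assertion.assertStringNotNullOrEmpty(str2, "accessToken");
        RequestFactory requestFactory = new RequestFactory(this._applicationContext, this._environment, str);
        ListSessionsResponse sessionsResponse = (ListSessionsResponse) sendRequest(requestFactory.createListSessionsRequest(str2, iTelemetryManager), AadRemoteNgcTelemetry.AadNgcRequest.LIST_SESSIONS);
        List<NgcSession> ngcSessions = sessionsResponse.getNgcSessions();
        BaseLogger.i("Successfully received pending sessions.");
        return ngcSessions;
    }

    /**
     * Registers the public key held for the UPN with the service.
     *
     * <p>If no key exists locally, nothing is sent and an empty string is returned, so
     * callers must treat {@code ""} as "not registered". If the request fails with
     * {@link AadServiceException} or {@link MissingMetadataException}, the local key pair is
     * deleted before the exception is rethrown.
     *
     * @param str account UPN; must be non-empty; also the local key alias
     * @param str2 access token; must be non-empty
     * @param str3 forwarded to {@code createNgcRegistrationRequest}; meaning not visible here
     * @return the key id assigned by the service, or {@code ""} if no local key exists
     * @throws NgcCredentialException declared for the credential-manager calls
     * @throws AadServiceException if the registration request fails
     * @throws MissingMetadataException declared by the request factory call
     */
    public String registerNgc(String str, String str2, String str3) throws NgcCredentialException, AadServiceException, MissingMetadataException {
        Assertion.assertStringNotNullOrEmpty(str, "upn");
        Assertion.assertStringNotNullOrEmpty(str2, "accessToken");
        NgcCredentialManager ngcCredentialManager = new NgcCredentialManager(this._applicationContext);
        if (!ngcCredentialManager.containsKey(str)) {
            // NOTE(review): this writes the UPN, an account identifier, to the error log.
            // Confirm the logger scrubs it or log a redacted form.
            BaseLogger.e("Credential manager doesn't contain key for upn: " + str);
            return "";
        }
        try {
            RequestFactory requestFactory = new RequestFactory(this._applicationContext, this._environment, str);
            NgcRegistrationResponse ngcRegistrationResponse = (NgcRegistrationResponse) sendRequest(requestFactory.createNgcRegistrationRequest((RSAPublicKey) ngcCredentialManager.getPublicKey(str), str2, str3), AadRemoteNgcTelemetry.AadNgcRequest.REGISTRATION);
            // This check ties the returned key id to the account that was requested. Comparing
            // from the request side means a response without a UPN fails the same check as a
            // mismatched one, instead of throwing NullPointerException before the check runs.
            // NOTE(review): what Assertion.check does on failure, and whether it is enforced in
            // release builds, is not visible here. Confirm it rejects the response.
            String responseUpn = ngcRegistrationResponse.getUpn();
            Assertion.check(str != null && str.equals(responseUpn), "Verify the response UPN matches the request UPN");
            return ngcRegistrationResponse.getKeyId();
        } catch (AadServiceException | MissingMetadataException e) {
            // Remove the local key pair when registration fails.
            ngcCredentialManager.deleteKeyPair(str);
            throw e;
        }
    }

    /**
     * Sends the NGC push-notification registration request.
     *
     * @param str forwarded as the first argument of
     *     {@code createNgcPushNotificationRegistrationRequest}; meaning not visible here
     * @param str2 passed to {@link RequestFactory} in the position other methods use for the UPN
     * @param str3 forwarded to the request; meaning not visible here
     * @param str4 forwarded to the request; meaning not visible here
     * @param str5 forwarded to the request; meaning not visible here
     * @return the service response
     * @throws AadServiceException if the request fails
     */
    public AadNgcPushNotificationRegistrationResponse sendNgcPushNotificationRegistrationRequest(String str, String str2, String str3, String str4, String str5) throws AadServiceException {
        RequestFactory requestFactory = new RequestFactory(this._applicationContext, this._environment, str2);
        return (AadNgcPushNotificationRegistrationResponse) sendRequest(requestFactory.createNgcPushNotificationRegistrationRequest(str, str3, str4, str5), AadRemoteNgcTelemetry.AadNgcRequest.PUSH_NOTIFICATION_REGISTRATION);
    }
}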
